Gadgets:
  • ret;
  • break;
  • pop eax; ret;
  • pop ebx; ret;
  • pop ecx; ret;
  • pop edx; ret;
  • xor eax, eax; ret;
  • mov edx, eax; ret;
  • inc eax; ret;
  • int 0x80;
Data&Pointers:
  • ret;
  • &."/bin/sh"
  • &.system()
  • &.exit()
  • 0x41414141
Exploit:
  • ret;
  • eax: 0x00000000
  • ebx: 0x00000000
  • ecx: 0x00000000
  • edx: 0x00000000
  • edi: 0x00000000
  • esi: 0x00000000
  • esp: 0x00000000
  • eip: 0x00000000

Stack:
  • 0x41414141

Legend:
  • Gadget
  • dword
  • &."String"
  • "String"
  • &.function()
Calling Convention: eax: param1 ebx: param2 ecx: param3 edx: param4

Goal: set eip to system() with /bin/sh in eax